From d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:27:06 +0000 Subject: Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/validator/VerifyXMLSignatureResponseValidator.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 1f2ebc37c..d5650b897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator { } - // TODO See Bug #322 - // Check result of SignatureManifestCheck - + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not if (identityLinkSignersSubjectDNNames != null) { -- cgit v1.2.3